California just became the first country on the internet cyber security law internet

California Governor Jerry Brown signed a cyber security law dealing with "smart" devices, California became the first country to pass such a law. The bill was adopted last year by the SB – 327, passed by the Senate in late August.

As of January 1, 2020, manufacturers of devices that connect directly or indirectly to the Internet must have "reasonable" security features designed to prevent unauthorized access, tampering or leakage Hmm. If you can access the outside of the local area network using a password, you need to set a unique password for each device or let the user set up your password the first time you connect. That is, the default credentials are no longer common to attackers.

This bill was welcomed as a good first step for some people and criticized other people about their vague things. Cyber ​​security expert Robert Graham was one of the most critical critics. He focused on adding 'good' features rather than removing bad things that opened the device to attack, claiming security concerns. Although he admired the password requirement, it does not cover all of the authentication systems that may or may not be called passwords, leaving a security hole where manufacturers allow SP to Mirai botnet can do. 2016

However, other people, including Bruce Schneier, a member of Harvard University, said it was a good start. "Perhaps not too far, but it is not a reason not to pass," he said. Washington . This rule applies to the state as a whole, but all device manufacturers selling products in California pass that benefit to customers elsewhere.

Several bills related to the internet of things were submitted to Congress, but no one attended the vote. In 2017, the IoT Cyber ​​Security Improvement Act establishes minimum security standards for connected devices purchased by the government, but it is not US electronics.

Hope you like the news:

California just became the first country on the internet cyber security law internet